Tags: infiniflow/ragflow
Tags
Fix: validate URL scheme and resolved IP before crawling to prevent S… …SRF (#14090) ### What problem does this PR solve? The POST /upload_info?url=<url> endpoint accepted a user-supplied URL and passed it directly to AsyncWebCrawler without any validation. There were no restrictions on URL scheme, destination hostname, or resolved IP address. This allowed any authenticated user to instruct the server to make outbound HTTP requests to internal infrastructure — including RFC 1918 private networks, loopback addresses, and cloud metadata services such as http://169.254.169.254 — effectively using the server as a proxy for internal network reconnaissance or credential theft. This PR adds an SSRF guard (_validate_url_for_crawl) that runs before any crawl is initiated. It enforces an allowlist of safe schemes (http/https), resolves the hostname at validation time, and rejects any URL whose resolved IP falls within a private or reserved network range. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue)
Docs: Update version references to v0.25.0 in READMEs and docs (#14257) ### What problem does this PR solve? - Update version tags in README files (including translations) from v0.24.0 to v0.25.0 - Modify Docker image references and documentation to reflect new version - Update version badges and image descriptions - Maintain consistency across all language variants of README files ### Type of change - [x] Documentation Update
Docs: Update version references to v0.24.0 in READMEs and docs (#13095) ### What problem does this PR solve? - Update version tags in README files (including translations) from v0.23.1 to v0.24.0 - Modify Docker image references and documentation to reflect new version - Update version badges and image descriptions - Maintain consistency across all language variants of README files ### Type of change - [x] Documentation Update
Docs: Update version references to v0.23.0 in READMEs and docs (#12253) ### What problem does this PR solve? - Update version tags in README files (including translations) from v0.22.1 to v0.23.0 - Modify Docker image references and documentation to reflect new version - Update version badges and image descriptions - Maintain consistency across all language variants of README files ### Type of change - [x] Documentation Update Co-authored-by: Jin Hai <[email protected]>
Feat: Fixed an issue where modifying fields in the agent operator cau… …sed the loss of structured data. #10427 (#11388) ### What problem does this PR solve? Feat: Fixed an issue where modifying fields in the agent operator caused the loss of structured data. #10427 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
Docs: Update version references to v0.22.0 in READMEs and docs (#11211) ### What problem does this PR solve? - Update version tags in README files (including translations) from v0.21.1 to v0.22.0 - Modify Docker image references and documentation to reflect new version - Update version badges and image descriptions - Maintain consistency across all language variants of README files ### Type of change - [x] Documentation Update
Docs: Added v0.20.5 release notes. (#10014) ### What problem does this PR solve? _Briefly describe what this PR aims to solve. Include background context that will help reviewers understand the purpose of the PR._ ### Type of change - [x] Documentation Update
PreviousNext